[DOCUMENT NAME] SPECIFICATION

[TITLE OF THE INVENTION] ACCESS-CONTROLLING METHOD, 

REPEATER, AND SERVER 

[CLAIMS] 

[Claim 1] An access-controlling method for controlling access of a 
terminal of an outside network to a server of an inside network using a 
repeater, the inside network and the outside network being relayed by the 
repeater, the access-controlling method comprising: 

permitting transmission of packets sent by the terminal to the server 
under limited conditions; 

changing conditions to generate changed conditions that define 
packet transmission from the terminal to the server, when the server 
acknowledges connection between the terminal and the server according to 
the packets sent under the limited conditions; and 

controlling the packet transmission from the terminal to the server 
under the changed conditions. 

[Claim 2] An access-controlling method as defined in claim 1,
wherein the limited conditions limit bandwidth of the packet transmission 
from the terminal to the server within a predetermined range.

[Claim 3] An access-controlling method as defined in claim 1 or 2,
wherein the packets sent under the limited conditions include 
authentication information to be sent to the server. 

[Claim 4] An access-controlling method as defined in any one of claims 1 to 3,
wherein said changing conditions further comprises changing conditions of
a flow that is defined using an address of the terminal, a port number of
the terminal, an address of the server, and a port number of the server.

[Claim 5] An access-controlling method for controlling access of a
terminal of an outside network to a server of an inside network using a 
repeater, the inside network and the outside network being relayed by the 
repeater, the access-controlling method comprising: 

receiving encrypted packets from the terminal; 
decoding the encrypted packets; and 

notifying access control information concerning the encrypted 
packets to the repeater. 

[Claim 6] An access-controlling method as defined in claim 5,
wherein the access control information includes information defining a 
flow concerning the encrypted packets.

[Claim 7] An access-controlling method as defined in claim 5 or 6,
wherein the access control information includes information of an address 
of the terminal, a port number of the terminal, an address of the server, and 
a port number of the server. 

[Claim 8] An access-controlling method as defined in any one of claims 1 to
7, further comprising:

storing access control information in the server; and

storing the access control information in the repeater,

wherein, when the server changes the access control information,
the server notifies the repeater that the access control information has
changed.

[Claim 9] A repeater for controlling access of a terminal of an
outside network to a server of an inside network, and for relaying the inside
network and the outside network, the repeater comprising:

a first communication unit operable to be connected to the outside 
network; 

a second communication unit operable to be connected to the inside 
network;

a storing unit operable to store information correlatively describing 
a flow concerning packets transmitted via the first communication unit and 
the second communication unit, a bandwidth threshold value of the flow, 
and a measured bandwidth value of the flow; 

a classifying unit operable to classify a flow of a packet according 
to the information defining the flow stored in said storing unit to generate a 
classified flow; 

a measuring unit operable to measure a bandwidth of the classified 
flow to generate a measured value, and further operable to store the 
measured value into said storing unit; 

a judging unit operable to compare the measured bandwidth of the 
classified flow with a bandwidth threshold value of the classified flow, to 
judge whether or not transmission of the flow is acknowledged; and 

a bandwidth control unit operable to transmit packets belonging to a 
flow that is judged to be acknowledged by said judging unit, via at least 
one of the first communication unit and the second communication unit. 

[Claim 10] A repeater as defined in claim 9, wherein the bandwidth
threshold value of the flow stored in said storing unit is set to a value that
limits transmission within a limited range, until the server acknowledges
connection between the terminal and the server, and

wherein, once the server has acknowledged the connection between
the terminal and the server, the bandwidth threshold value of the flow
stored in said storing unit is set to another value that limits the transmission
more loosely than the limited range.

[Claim 11] A server for controlling access with a terminal of an
outside network, the server being connected to an inside network, the inside
network and the outside network being relayed by a repeater, the server
comprising:

a communication unit operable to be connected to the inside 
network; 

a storing unit operable to store information correlatively describing 
a flow concerning packets transmitted via the communication unit, a 
bandwidth threshold value of the flow, and a measured bandwidth value of 
the flow; 

a classifying unit operable to classify a flow of a packet according 
to the information defining the flow stored in said storing unit to generate a
classified flow; 

a measuring unit operable to measure a bandwidth of the classified 
flow to generate a measured value, and further operable to store the 
measured value into said storing unit; 

a judging unit operable to compare the measured bandwidth of the 
classified flow with a bandwidth threshold value of the classified flow, to 
judge whether or not transmission of the flow is acknowledged; and 

a bandwidth control unit operable to transmit packets belonging to a 
flow that is judged to be acknowledged by said judging unit, via the 
communication unit. 

[Claim 12] A server as defined in claim 11, wherein a value that 
limits transmission within a limited range is set to the bandwidth threshold 
value of the flow stored in said storing unit, until said judging unit judges 
that transmission between the terminal and the server is acknowledged, and 

wherein, when said judging unit judges that transmission between 
the terminal and the server is acknowledged, another value that limits the 
transmission more loosely than the limited range is set to the bandwidth 
threshold value of the flow stored in said storing unit.

[Claim 13] A server as defined in claim 11 or 12, wherein, when
the information stored in said storing unit is changed, said communication 
unit notifies the repeater that the information stored in said storing unit is 
changed. 

[Claim 14] A server as defined in any one of claims 11 to 13, further
comprising an encryption unit operable to decode an encrypted packet, 

wherein said communication unit notifies access control 
information concerning the encrypted packet to the repeater. 
[DETAILED DESCRIPTION] 
[0001]
[TECHNICAL FIELD] 

The present invention relates to an access-controlling method, a 
repeater, and a server. 
[0002]
[PRIOR ART] 

First, in this specification, the position where the information to be
protected and the server which manages that information exist is called the
inner position, and a position which communicates with it via a network is
called the outer position, relative to the inner position.
[0003]

Access control (also called a firewall or packet filtering) is now used
in order to protect the inner position from illegal access such as the
following: accessing the inner position illegally from the outer position,
blocking an inner-position service from the outer position, and carrying
confidential information of the inner position out to the outer position. The
devices which take charge of the access control are one or both of the server
itself which offers the service, and a repeater which relays communication
to the server (for example, a router).
[0004]

As prior references regarding such access control, there are
references 1 to 3.
[0005]

As prior references regarding bandwidth control in TCP/IP, which is
a typical network protocol, IPsec, and the Flow Label of IPv6, there are
non-patented references 1 to 3.
[0006]

(Problem 1) Measures for P2P communication

In the prior access control, basically only a choice between two
alternatives is made: whether to transmit a packet or to discard the packet.
[0007]

When a server offers a service that is completely open to the public,
for example a WEB service which can be accessed from the Internet, the
access control basically just transmits the packets to the server.

[0008]

When the server offers a service to which access is restricted to a
fixed range, for example a file-sharing service to which access is limited to
the network inside the company, all packets from outside the fixed range
are discarded.
[0009]

However, when the server offers mail service to a computer which
belongs to an employee who has left the company on a business trip, the
above access control cannot deal with the case, because the IP address and
port number of the employee's computer change when the employee moves
outside the company.

[0010]

In references 1 to 3, some proposals are made for such a subject.
However, these proposals are inadequate for P2P communication.
[0011]

In these references, when a packet is transmitted from the inner
position to the outer position, the judging condition of the access control
is dynamically changed so that a packet in the reverse direction is allowed
when transmission/discard of the packet is judged. Thereby, bidirectional
communication between the outer position and the inner position is
expected to be performed.
[0012]

However, with such an art, bidirectional communication cannot be
performed unless a packet is first transmitted from the inner position
towards the outer position. In short, it is impossible to perform bidirectional
communication when a packet is first transmitted from the outer position to
the inner position.
[0013]

(Problem 2) Vulnerability to a DoS attack

To cope with problem 1, it may be considered to statically set up a
judging condition under which a packet that fulfills specific conditions is
allowed to be transmitted. However, since the address of a terminal is
dynamically assigned by DHCP in present ISPs and hot spots, it is next to
impossible in practice to lay down such specific conditions.
[0014]

Even if such a setup were performed, a DoS (Denial of Service)
attack by a malicious person who forges packets that fulfill the judging
conditions cannot be prevented.
[0015]

In reference 3, usable bandwidth is controlled by traffic shaping
against the illegal access of a DoS attack. However, when packets of illegal
access and packets of legal access are intermingled, the traffic shaping may
unjustly restrict the bandwidth of communication by the legal access;
therefore, it is extremely difficult to limit the traffic shaping to the packets
of the illegal access only.
(Problem 3) Measures for encryption

In the prior access control, information in a packet is referred to in
the judgment of transmission/discard. However, when the packet is
encrypted in order to prevent wiretapping by a third party, the information
in the packet cannot be referred to in the access control, and the judgment
of transmission/discard becomes impossible.

[REFERENCE 1] published Japanese Patent Application Laid-Open
No. Hei 8-44642

[REFERENCE 2] Japanese translation of PCT international application
No. Hei 10-504168

[REFERENCE 3] published Japanese Patent Application Laid-Open
No. 2000-124955

[NON-PATENTED REFERENCE 1] reference name: "Internet
QoS," coauthored by Paul Ferguson and Geoff Huston, translation
supervised by Iwao Toda, date of issue: May 5, 2000

[NON-PATENTED REFERENCE 2] reference name: RFC2401 "IP
Encapsulating Security Payload (ESP)," coauthored by S. Kent and R.
Atkinson, date of issue: November, 1998

[NON-PATENTED REFERENCE 3] reference name: RFC2460
"Internet Protocol, Version 6 (IPv6) Specification," coauthored by S.
Deering and R. Hinden, date of issue: November, 1998
[TECHNICAL PROBLEM]

An object of the present invention is to offer an access-controlling
method which can perform more flexible access control and can cope with
encryption of packets, and an art related thereto.
[0016] 
[MEANS] 

A first aspect of the present invention provides an 
access-controlling method for controlling access of a terminal of an outside 
network to a server of an inside network using a repeater, the inside 
network and the outside network being relayed by the repeater, the 
access-controlling method comprising: permitting transmission of packets 
sent by the terminal to the server under limited conditions; changing 
conditions to generate changed conditions that define packet transmission 
from the terminal to the server, when the server acknowledges connection 
between the terminal and the server according to the packets sent under the
limited conditions; and controlling the packet transmission from the 
terminal to the server under the changed conditions. 
[0017]

According to the construction described above, a terminal of the
outside network and a server of the inside network can take at least two
transmission states besides discarding a packet: one is a state of
communicating under the restriction of the limited conditions, and the other
is a state of communicating under looser (or severer) conditions. Therefore,
more flexible access control can be performed than the alternative access
control of so-called transmission/discard. Furthermore, bidirectional
communication can be performed even when a packet is first transmitted
from the outer position to the inner position.

[0018]

A second aspect of the present invention provides an 
access-controlling method as described in the first aspect, wherein the 
limited conditions limit bandwidth of the packet transmission from the 
terminal to the server within a predetermined range.
[0019]

According to the construction described above, even when packets of
illegal access reach the server before the server acknowledges the
connection, the limit of the bandwidth restricts the quantity of the illegal
packets and the server can be protected from the illegal access.
[0020]

A third aspect of the present invention provides an 
access-controlling method as described in the first aspect, wherein the 
packets sent under the limited conditions include authentication 
information to be sent to the server. 
[0021]

According to the construction described above, authentication
information is transmitted in a state in which the limited conditions are
imposed. Since only a terminal whose authentication information has been
verified can access the server under the changed conditions, the server can
be protected from illegal access.
[0022]

A fourth aspect of the present invention provides an
access-controlling method as described in the second aspect, wherein the
changing conditions further comprises changing conditions of a flow that is
defined using an address of the terminal, a port number of the terminal, an
address of the server, and a port number of the server.
[0023]

According to the construction described above, the access control 
can be performed only for the corresponding flow, distinguished from the 
other flows. 

[0024]

A fifth aspect of the present invention provides an 
access-controlling method for controlling access of a terminal of an outside 
network to a server of an inside network using a repeater, the inside 
network and the outside network being relayed by the repeater, the 
access-controlling method comprising: receiving encrypted packets from 
the terminal; decoding the encrypted packets; and notifying access control 
information concerning the encrypted packets to the repeater. 
[0025]

According to the construction described above, even when the
repeater cannot acquire sufficient information for the access control
because the packets are encrypted, the repeater can perform exact access
control using a notification from the server.
[0026]

This information includes the correspondence between information
of the encrypted portion (the upper-layer protocol class and the
source/destination port numbers), which the repeater cannot refer to, and
information of the non-encrypted portion (the ID of IPv4 and the Flow Label
of IPv6), which the repeater can refer to.
[0027]

An eighth aspect of the present invention provides an 
access-controlling method as described in the first aspect, further 
comprising: storing access control information in the server; and storing 
the access control information in the repeater, wherein, when the server 
changes the access control information, the server notifies the repeater that 
the access control information has changed. 
[0028]

According to the construction described above, when the server
changes the information on its own, a notification is made from the server.
Thereby, consistency of the access control between the server and the
repeater is maintained, and unity of the access control over the whole
communication system can be maintained.
[0029]
[EMBODIMENTS OF THE INVENTION] 

Hereinafter, preferred embodiments of the present invention are 
now explained with reference to the drawings. Fig. 1 is a diagram 
illustrating how a communication system is constructed according to a first 
embodiment of the present invention, Fig. 2 is a block diagram of a 
repeater according to the first embodiment, and Fig. 5 is a block diagram of 
a WEB server according to the first embodiment. 
[0030]

As shown in Fig. 1, the communication system has an outside 
network 7 illustrated on the upper-side of a repeater 6 and an inside 
network 1 illustrated on the lower-side of the repeater 6. 
[0031]

A LAN cable 2 is laid in the inside network 1. The repeater 6, a 
WEB server 3, an intra-office mail server 4, an intra-office DB server 5, 
and other client terminals (not illustrated) belonging to the inside network 
are connected to the LAN cable 2. 
[0032]

The repeater 6 is connected to both the networks 8 and the LAN cable 2.

[0033]

There are the networks 8 in the outside network 7, and a terminal 9
is allowed only to receive WEB service from the WEB server 3. On the other
hand, a terminal 10 is a computer which an employee of the company, who
usually uses the inside network 1, has brought to a business trip location. The
terminal 10 is allowed to receive service from the WEB server 3 and the
intra-office mail server 4.
[0034]

Service of the intra-office DB server 5 can be used only inside the
inside network 1, and access from outside the inside network 1 is
forbidden.

[0035]

Here, an embodiment in which the terminal 9 is allowed to use the
service of the WEB server 3 and forbidden to use the service of the
intra-office mail server 4 can be realized by the prior alternative access
control of so-called transmission/discard; therefore the explanation of this
point is omitted.

[0036]

The problem discussed in the present invention is to allow the
terminal 10 to use the intra-office mail server 4 while protecting the
intra-office mail server 4 from illegal access.
[0037]

The repeater 6 is explained in detail using Fig. 2. First, a control 
unit 60 controls each component of the repeater 6. 
[0038]

A communication unit 61 is connected to the networks 8 of the
outside network 7. A communication unit 62 is connected to the LAN cable
2 of the inside network 1.
[0039]

A storing unit 67 comprises storage media, such as a memory. As 
shown in Fig. 3 (a), in a state before connection of the terminal 10 is 
acknowledged, the storing unit 67 stores information which correlatively 
describes, for every flow number, a flow concerning a packet transmitted 
via the communication units 61 and 62 (an address and a port number of a 
source, and an address and a port number of a destination), a threshold TH 
of a bandwidth of the corresponding flow (in the present embodiment, the 
number of packets per second is used for the bandwidth), and a measured 
value Vn of the bandwidth of the corresponding flow. This information is 
called flow-defining information hereinafter. 
[0040]

Flows for which connection can be acknowledged are defined in the
storing unit 67 beforehand, and a flow which does not correspond to any
one of the flows defined in the storing unit 67 is eliminated as illegal
access.

[0041]

The transition of the contents of the storing unit 67 is briefly
summarized. The threshold TH of the bandwidth in the storing unit 67 is set
to a small value until the intra-office mail server 4 of the inside network 1
acknowledges the connection from the terminal 10 of the outside network 7.
The threshold TH is changed to a bigger value when the intra-office mail
server 4 acknowledges the connection.
[0042]

As shown in Fig. 3 (a), a total of four flows, flow numbers 1 to 4,
are defined in the present embodiment. Flow number 1 is related to the
service of the intra-office DB server 5, and cannot be accessed from any
address of the outside network 7 (threshold TH = 0).
[0043]

Flow number 2 is related to service originating from a terminal (a
server or a client terminal) belonging to the inside network 1 toward the
outside network 7, and can be accessed freely from any address of the inside
network 1 (threshold TH = infinity).
[0044]

Flow number 3 is related to the service of the WEB server 3, and
can be accessed freely from any address of the outside network 7 (threshold
TH = infinity).

[0045]

Flow number 4 is related to the service of the intra-office mail
server 4, and can be accessed from any address of the outside network 7
under limited conditions (threshold TH = 10). This access is limited to POP,
whose protocol classification concerns password transmission.
[0046]

As described later, the terminal 10 that is going to access the
intra-office mail server 4 sends packets according to flow number 4 to the
intra-office mail server 4 under fixed conditions. The conditions are
greatly loosened after the intra-office mail server 4 issues an explicit
packet which acknowledges the communication (a packet in which the
SYN-ACK flag is turned on).
[0047]

In Fig. 2, a classifying unit 63 classifies a flow of packets according 
to the flow-defining information stored by the storing unit 67. 
[0048]

A measuring unit 64 measures a bandwidth of a classified flow, and
stores the measured value in the field of "measured value" of the
corresponding flow number in the storing unit 67.
[0049]

A judging unit 65 compares the measured value Vn and the threshold
TH of the bandwidth which are stored in the storing unit 67 for the
classified flow, and makes the judgment "transmitting" when Vn <= TH,
otherwise the judgment "discarding".
[0050]

Hereinafter, in order to simplify explanation, the judging unit 65 is 
assumed to make only two kinds of judgments: "transmitting" and 
"discarding." However, there are cases in which the judging unit 65 does 
not make the judgment of "discarding" a packet, but may make judgment of 
delaying transmission of the packet or changing priority of the packet. 
These alternatives are also included in the present invention. 
[0051]

In a bandwidth control unit 66, packets that the judging unit 65 has
judged to transmit are placed. The bandwidth control unit 66 sends the
packets from the communication units 61 and 62 one by one according to a
rule of the bandwidth control, unless the packets are discarded in the
bandwidth control unit 66 itself.

[0052]

The bandwidth control method in the bandwidth control unit 66 of the
present embodiment is arbitrary. For example, queuing such as FIFO, RED
and RIO, and schedulers such as PQ and WRR can be freely chosen for
use.
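The following is an added example, not code from the patent, that models repeater 6 of Fig. 2: the flow-defining information of storing unit 67 with the four flows of Fig. 3 (a), classifying unit 63, measuring unit 64 counting packets per second as Vn, judging unit 65 applying Vn <= TH, and the change of TH for flow number 4 when the server acknowledges the connection. All addresses, ports, the prefix and "!" wildcard conventions, and the time values are constructed for the demonstration.

```python
"""Added example: minimal model of repeater 6 (not the patent's own code)."""
from dataclasses import dataclass
from typing import Dict, Optional

ANY = "*"                 # wildcard in the flow-defining information (constructed convention)
INFINITY = float("inf")   # threshold "infinity" of Fig. 3 (a)


@dataclass
class Packet:
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    time: float           # arrival time in seconds


def _addr_ok(want: str, got: str) -> bool:
    """Address match: ANY, a '!'-negated pattern, a prefix ending in '.', or exact."""
    if want == ANY:
        return True
    if want.startswith("!"):
        return not _addr_ok(want[1:], got)
    if want.endswith("."):            # network prefix, e.g. "192.168.1." = inside network 1
        return got.startswith(want)
    return want == got


@dataclass
class FlowEntry:
    """One row of the flow-defining information in storing unit 67."""
    src_addr: str
    src_port: object      # port number or ANY
    dst_addr: str
    dst_port: object
    th: float             # threshold TH, in packets per second
    vn: int = 0           # measured value Vn for the current second
    second: int = -1      # the second that Vn refers to

    def matches(self, pkt: Packet) -> bool:
        return (_addr_ok(self.src_addr, pkt.src_addr) and _addr_ok(self.dst_addr, pkt.dst_addr)
                and self.src_port in (ANY, pkt.src_port) and self.dst_port in (ANY, pkt.dst_port))


class Repeater:
    def __init__(self, table: Dict[int, FlowEntry]):
        self.table = table        # storing unit 67, keyed by flow number

    def classify(self, pkt: Packet) -> Optional[int]:
        """Classifying unit 63: first matching flow number, or None if no flow is defined."""
        for num, entry in self.table.items():
            if entry.matches(pkt):
                return num
        return None

    def measure(self, num: int, pkt: Packet) -> int:
        """Measuring unit 64: Vn = packets of the flow seen in the current second."""
        entry = self.table[num]
        sec = int(pkt.time)
        if sec != entry.second:
            entry.second, entry.vn = sec, 0
        entry.vn += 1
        return entry.vn

    def judge(self, pkt: Packet) -> str:
        """Judging unit 65: 'transmit' when Vn <= TH, otherwise 'discard'."""
        num = self.classify(pkt)
        if num is None:
            return "discard"      # not related to any defined flow: eliminated as illegal access
        vn = self.measure(num, pkt)
        return "transmit" if vn <= self.table[num].th else "discard"

    def apply_change_notice(self, num: int, new_th: float) -> None:
        """Change notice from the server: replace TH so both storing units agree."""
        self.table[num].th = new_th


INSIDE = "192.168.1."                                          # constructed inside network 1
DB, WEB, MAIL = "192.168.1.5", "192.168.1.3", "192.168.1.4"   # constructed addresses of 5, 3, 4


def fig3a_table() -> Dict[int, FlowEntry]:
    """Flow numbers 1 to 4 before the connection of terminal 10 is acknowledged."""
    return {
        1: FlowEntry("!" + INSIDE, ANY, DB, 5432, th=0),       # DB server: never from outside
        2: FlowEntry(INSIDE, ANY, ANY, ANY, th=INFINITY),      # inside -> outside: free
        3: FlowEntry(ANY, ANY, WEB, 80, th=INFINITY),          # WEB service: free
        4: FlowEntry(ANY, ANY, MAIL, 110, th=10),              # POP on mail server: limited
    }


def demo():
    """12 POP packets in one second before and after the server's acknowledgment."""
    rep = Repeater(fig3a_table())
    term10 = "203.0.113.10"                                    # constructed address of terminal 10
    before = [rep.judge(Packet(term10, 40000, MAIL, 110, 0.05 * i)) for i in range(12)]
    db = rep.judge(Packet(term10, 40001, DB, 5432, 0.3))
    rep.apply_change_notice(4, INFINITY)                       # mail server 4 acknowledged
    after = [rep.judge(Packet(term10, 40000, MAIL, 110, 1.0 + 0.05 * i)) for i in range(12)]
    return before, db, after


if __name__ == "__main__":
    print(demo())
```

With TH = 10, the eleventh and twelfth packets of the limited flow within one second are discarded, while an outside packet toward the DB server is discarded at once (TH = 0).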

[0053]

Next, the intra-office mail server 4 is explained in detail using Fig. 
5. First, a control unit 40 controls each component of the intra-office mail 
server 4. A communication unit 41 is connected to a LAN cable 2. 
[0054]

A storing unit 48 comprises storage media, such as a memory, and
has the same contents as the storing unit 67 of the repeater 6. Although
the contents of the storing unit 48 and the contents of the storing unit 67
may temporarily disagree with each other, the disagreement of this
information is immediately fixed by the change notice mentioned later.
Of course, the transition of the storing unit 48 is basically the same as that
of the storing unit 67.
[0055]

An application unit 42 executes an application (mail service) that 
realizes the function as the intra-office mail server 4. 
[0056]

An encryption unit 43 decodes an encrypted packet. The
information relating to the encrypted packet that is usable for the access
control is notified to the repeater 6 via the communication unit 41.
[0057]

In a packet that is encrypted by IPsec or the like, even the information
that is necessary for classifying the packet in the access control is
encrypted. Therefore, the classification of the packet becomes imperfect.
The information that is necessary for the access control can be acquired
only by the source or the destination, here the intra-office mail server 4,
which can decode the encrypted packet.
[0058]

In IP version 6 of TCP/IP, a flow label is introduced in order to
enable the classification of packets even when two or more such
encrypted packets are intermingled. However, only the source/destination
terminals can judge the relation between the flow label and the
source/destination port numbers, which are encrypted.
[0059]

In the present embodiment, the encryption unit 43 is provided in the
intra-office mail server 4. When the information necessary for classification
in the access control is acquired from the decoded packet, the information
is not only held at the intra-office mail server 4 but also notified to the
repeater 6. Thereby, consistency between the classification processing of
the repeater 6 and the classification processing of the intra-office mail
server 4 is maintained.
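The notification of paragraphs [0056] to [0059], as an added example that is not part of the patent: the mail server decodes the encrypted portion, records the correspondence between the visible (src addr, dst addr, Flow Label) and the encrypted (upper-layer protocol, src port, dst port), and notifies the repeater, which can then classify later packets of that flow by Flow Label alone. The XOR routine is only a stand-in for IPsec ESP and provides no confidentiality; the key, addresses, label and payload are constructed.

```python
"""Added example: server-side decoding and flow-label correspondence notice (not the patent's code)."""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

LabelKey = Tuple[str, str, int]   # (src addr, dst addr, flow label): non-encrypted portion
Inner = Tuple[int, int, int]      # (upper-layer protocol, src port, dst port): encrypted portion


@dataclass(frozen=True)
class EncryptedPacket:
    src_addr: str
    dst_addr: str
    flow_label: int       # 20-bit IPv6 Flow Label, readable by the repeater
    payload: bytes        # encrypted: upper-layer header followed by data


def toy_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for ESP encryption/decryption (symmetric XOR; NOT real cryptography)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_packet(key: bytes, src: str, dst: str, label: int,
                 proto: int, sport: int, dport: int, data: bytes = b"") -> EncryptedPacket:
    """Terminal side: the upper-layer header (proto, sport, dport) is inside the encrypted part."""
    inner = struct.pack("!BHH", proto, sport, dport) + data
    return EncryptedPacket(src, dst, label, toy_xor(key, inner))


class Repeater:
    """Repeater 6: can classify encrypted traffic only through what the server notified."""
    def __init__(self):
        self.correspondence: Dict[LabelKey, Inner] = {}

    def notify(self, key: LabelKey, inner: Inner) -> None:
        self.correspondence[key] = inner      # access control information from the server

    def classify(self, pkt: EncryptedPacket) -> Optional[Tuple[str, str, int, int, int]]:
        inner = self.correspondence.get((pkt.src_addr, pkt.dst_addr, pkt.flow_label))
        if inner is None:
            return None                       # encrypted fields unknown: cannot classify yet
        return (pkt.src_addr, pkt.dst_addr) + inner


class MailServer:
    """Intra-office mail server 4: encryption unit 43 decodes, storing unit 48 keeps the mapping."""
    def __init__(self, key: bytes, repeater: Repeater):
        self.key = key
        self.repeater = repeater
        self.correspondence: Dict[LabelKey, Inner] = {}

    def receive(self, pkt: EncryptedPacket) -> Tuple[Inner, bytes]:
        plain = toy_xor(self.key, pkt.payload)                 # encryption unit 43 decodes
        inner: Inner = struct.unpack("!BHH", plain[:5])
        key = (pkt.src_addr, pkt.dst_addr, pkt.flow_label)
        if self.correspondence.get(key) != inner:
            self.correspondence[key] = inner                   # held at the server ...
            self.repeater.notify(key, inner)                   # ... and notified via unit 41
        return inner, plain[5:]


def demo():
    """First packet: repeater cannot classify; after the server's notice it can."""
    key = b"constructed-demo-key"
    rep = Repeater()
    srv = MailServer(key, rep)
    pkt = build_packet(key, "2001:db8::10", "2001:db8::4", 0x1ABCD, 6, 50000, 110, b"USER alice\r\n")
    first = rep.classify(pkt)        # None: only the label is visible
    srv.receive(pkt)                 # server decodes and notifies the correspondence
    second = rep.classify(pkt)       # now classified as TCP 50000 -> 110
    return first, second


if __name__ == "__main__":
    print(demo())
```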
[0060]

In Fig. 5, a classifying unit 44, a measuring unit 45, a judging unit 
46, and a bandwidth control unit 47 are the same as those of the classifying 
unit 63, the measuring unit 64, the judging unit 65, and the bandwidth 
control unit 66 in Fig. 2. 
[0061]

Thus, the classifying unit 44 classifies the flow of the packets 
according to the flow-defining information stored in the storing unit 48.
[0062]

The measuring unit 45 measures a bandwidth of the flow that is 
classified, and stores the measured value Vn in the field of "measured 
value" of the corresponding flow number in the storing unit 48. 
[0063]

For the classified flow, the judging unit 46 compares the measured
value Vn and the threshold TH of the bandwidth that are stored in the
storing unit 48. If Vn <= TH, the judging unit 46 makes the judgment
"transmitting"; otherwise, the judging unit 46 makes the judgment
"discarding".

[0064]

Packets for which the judging unit 46 has made the judgment
"transmitting" are placed in the bandwidth control unit 47. The bandwidth
control unit 47 sends the packets one by one from the communication unit
41 according to a rule of the bandwidth control, as long as the bandwidth
control unit 47 does not discard the packets itself.
[0065]
The bandwidth control method in the bandwidth control unit 47 of
the present embodiment is arbitrary. For example, queuing such as FIFO,
RED and RIO, and schedulers such as PQ and WRR can be freely chosen
for use.

[0066]

(Change notice)

In packet-switched communication, there are two methods:
connection-oriented communication, which notifies a connection request
and an explicit acknowledgment of the connection request, and
connectionless communication, which notifies neither a connection request
nor an explicit acknowledgment of it.
[0067]

In TCP/IP, which is currently the most widespread communication
protocol of the Internet, there are TCP as the connection-oriented
communication and UDP as the connectionless communication.
[0068]

In TCP and UDP, in order to perform plural communications
independently between a pair of terminals (a server is included in the
terminals), the terminals assign a port number to each communication.
[0069]

The classifying unit 63 of the repeater 6 refers to the
source/destination addresses, the source/destination ports, and the
upper-layer protocol class that indicates either TCP or UDP. Thus, the
classifying unit 63 of the repeater 6 is able to classify the plural
communications.
[0070]

In TCP, which is the connection-oriented communication, the
intra-office mail server 4, having received a packet that requests the
connection (a packet whose SYN flag among the TCP flags is "ON"), sends a
packet that acknowledges the connection (a packet whose SYN-ACK flag is
"ON" or a packet whose ACK flag is "ON") when the connection is
acknowledged.

[0071]

When the connection is not acknowledged, on the other hand, the
intra-office mail server 4 sends a packet (a packet whose FIN flag among the
TCP flags is "ON") indicating that the connection is not acknowledged.
[0072]

In TCP/IP, to indicate explicitly that the connection is not
acknowledged, an ICMP "Destination Unreachable" message may be sent in
response, in addition to the FIN packet of TCP. Sending this message is
common to TCP and UDP.
[0073]

The UDP is the connectionless communication which does not send 
or receive a packet requesting connection or a packet explicitly indicating 
acknowledged connection/not-acknowledged connection. In the UDP, a 
packet may be used as a trigger for sending and receiving by referring to a 
set of source/destination address and source/destination port number of the 
packet. 
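The classification key of [0069] and the connection signals of [0070] to [0073], as an added example that is not part of the patent: it builds constructed IPv4/TCP and UDP packets in memory, extracts the five values the classifying unit 63 refers to (source/destination address, source/destination port, upper-layer protocol), and names the role of a TCP segment. The function and constant names (`build_packet`, `flow_key`, `connection_signal`) are this example's own. One caveat for a practitioner: the specification describes a FIN packet as the refusal signal, while an ordinary TCP stack answers a refused SYN with RST, so the example treats both as "not acknowledged"; the ICMP Destination Unreachable case of [0072] is not parsed here.

```python
import struct

# TCP flag bits (RFC 793); the flags live in byte 13 of the TCP header
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
PROTO_TCP, PROTO_UDP = 6, 17


def build_packet(src, sport, dst, dport, proto, flags=0):
    """Constructed minimal IPv4 + TCP/UDP headers (checksums left zero); example input only."""
    ip = lambda a: bytes(int(x) for x in a.split("."))
    if proto == PROTO_TCP:
        # ports, seq, ack, data offset (5 words), flags, window, checksum, urgent pointer
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)      # UDP: ports, length, checksum
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ip(src), ip(dst))
    return ip_hdr + l4


def parse_ipv4(pkt):
    """Return (src, dst, protocol number, layer-4 bytes) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return src, dst, pkt[9], pkt[ihl:]


def flow_key(pkt):
    """The values the classifying unit refers to ([0069]); None for non-TCP/UDP traffic."""
    src, dst, proto, l4 = parse_ipv4(pkt)
    if proto not in (PROTO_TCP, PROTO_UDP):
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return (src, sport, dst, dport, "TCP" if proto == PROTO_TCP else "UDP")


def connection_signal(pkt):
    """Name the TCP segment's role as [0070]-[0073] describe it.

    SYN alone is a connection request, SYN-ACK (or a later ACK) acknowledges the
    connection, FIN (the patent's refusal) or RST (a real stack's refusal) means
    the connection is not acknowledged.  UDP carries no such signal at all.
    """
    _, _, proto, l4 = parse_ipv4(pkt)
    if proto != PROTO_TCP:
        return "none"
    flags = l4[13]
    if flags & (FIN | RST):
        return "not acknowledged"
    if flags & SYN and flags & ACK:
        return "acknowledged"
    if flags & SYN:
        return "request"
    if flags & ACK:
        return "acknowledged"
    return "none"
```

The judgment of [0074] follows directly from `connection_signal` returning "none" for every UDP datagram: a relay that only watches for request/acknowledgment packets has nothing to key on, which is why the embodiment has the server tell the repeater what it decided.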

[0074]

Since the connectionless communication does not send or receive a 
packet requesting connection or a packet explicitly indicating 
acknowledged connection/not-acknowledged connection, the judgment of 
the access control in the connectionless communication may become less 
accurate. 
[0075]

In the present embodiment, when the intra-office mail server 4 
makes explicit acknowledgment of connection to the terminal 10, irrelevant 
to the intention of the repeater 6, a change notice is issued from the 
intra-office mail server 4 to the repeater 6. Thereby, the storing unit 67 of 
the repeater 6 and the storing unit 48 of the intra-office mail server 4 can 
share the same information. 
[0076]

If the change notice is used well, the information of the 
access control may be held by the repeater 6 and the intra-office mail server 
4 in a distributed manner. This feature is worth noting, compared to the 
prior method in which the repeater 6 must have all the information 
regarding the access control. This feature reduces the amount of 
information that the repeater 6 should possess and also reduces the processing 
burden of the repeater 6. In the repeater 6, it is not necessary to hold the 
information of a flow that is not transmitted; therefore, the processing 
burden can be further reduced. 
[0077]
By use of the change notice, agreement on the contents of 
processing for the bandwidth control between the intra-office mail server 4 
and the repeater 6 can be secured. 
[0078]

Thus, such unfavorable situations as a packet which has reached 
the repeater 6 from the intra-office mail server 4 being discarded by the 
repeater 6 because of insufficient bandwidth, or the bandwidth required 
by another flow being squeezed because the outward bandwidth is secured too 
much by the repeater 6, can be prevented. 
[0079]
(Bandwidth control) 

In a packet exchanging network, bandwidth control can be 
performed only by a sending side of packets because of restrictions due to 
the system. 

[0080]

Therefore, as for a packet from the intra-office mail server 4 to the 
repeater 6, the bandwidth control can be performed only by the intra-office 
mail server 4, but as for a packet from the repeater 6 to the intra-office mail 
server 4, the bandwidth control can be performed only by the repeater 6. 
[0081]

In the present embodiment, the bandwidth control units are 
provided in both of the repeater 6 and the intra-office mail server 4, in 
order to prevent the bandwidth of the intra-office mail server 4 from being 
used illegally by responding to an illegal access from outside. 
[0082]

Next, operation of the repeater 6 is explained referring to Fig. 4. 
First at Step 1, the control unit 60 waits for a packet to arrive at the 
communication unit 61 or the communication unit 62. 
[0083]

At Step 2, when a packet arrives, the control unit 60 confirms whether or 
not the packet is a change notice from the intra-office mail server 4. If the packet is 
a change notice, at Step 3, the control unit 60 updates the contents of the 
storing unit 67 as the change notice describes. Thereby, the consistency of 
the contents of the storing unit 67 with the contents of the storing unit 48 is 
guaranteed. 

[0084]
If the packet is not a change notice, at Step 4, the control unit 60 
orders the classifying unit 63 to perform classification. Then, the 
classifying unit 63 confirms whether or not a flow corresponding to the 
packet exists in the storing unit 67. 
[0085]

If the corresponding flow exists, at Step 5, the classifying unit 63 
confirms whether or not each value (the address, the port number, etc. 
regarding the source and the destination) of the flow is fixed. The 
classifying unit 63 starts the confirmation from the flow with the largest flow 
number and proceeds to flows with smaller flow numbers, as the arrows in Fig. 3 show. That 
a value is not fixed in the confirmation means that the value is uncertain, 
as shown by the symbol " * " in Fig. 3. 
[0086]

When the values are not fixed, at Step 6, the classifying unit 63 
adds a new entry (its flow number is the largest flow number at that 
moment plus 1), sets each value (the address, 
the port number, etc. regarding the source and the destination) of the new 
entry to the value acquired from the packet, and moves the processing to 
Step 7. When the values are fixed, the classifying unit 63 moves the 
processing from Step 5 to Step 7, since it is not necessary to add a new 
flow. 

[0087]

At Step 4, if no corresponding flow exists, there is a possibility of 
illegal access. Therefore, the classifying unit 63 stops the classification and 
sends a notice of the possibility of illegal access to the control unit 60. 
Upon receipt of the notice, the control unit 60 moves the processing to Step 
10 immediately and discards the packet. 
[0088]

At Step 7, the measuring unit 64 measures the transmission speed of 
a corresponding flow, and the measured value Vn is set to the field of the 
measured value of the corresponding flow. 
[0089]

At Step 8, the judging unit 65 compares the measured value Vn and 
the threshold TH of the corresponding flow. If Vn<=TH, the judging unit 
65 makes the judgment "transmitting", and the packet is outputted to the 
bandwidth control unit 66. Then, following the bandwidth control method, 
the bandwidth control unit 66 outputs the packet via the communication 
unit 61 or the communication unit 62, as long as the bandwidth control unit 
66 does not itself discard the packet. 
[0090]

Otherwise, the judging unit 65 makes judgment of "discarding", and 
the packet is discarded without being outputted to the bandwidth control 
unit 66. 

[0091]

Then, the processing after Step 1 is repeated until the processing is 
completed (Step 11). 
[0092]

Next, operation of the intra-office mail server 4 is explained using 
Fig. 6. At Step 31, the control unit 40 sets "OFF" as an initial value of a 
change flag. The flag indicates whether or not the contents of the storing unit 
48 have been changed by a decision of the intra-office mail server 4. "ON" means 
that the contents have changed, and "OFF" means that the contents have 
not changed. If the flag is "ON", it means that there is disagreement 
between the contents of the storing unit 48 and the contents of the storing 
unit 67. Thus, a change notice is to be issued to the repeater 6 at 
the appropriate timing (Step 46). 
[0093]

At Step 32, the control unit 40 waits for a packet to arrive at the 
communication unit 41. At Step 33, the control unit 40 performs processing 
of the application by the application unit 42 until a packet arrives. 
[0094]

When a packet arrives, at Step 34, the control unit 40 confirms whether 
or not the packet is encrypted. If the packet is encrypted, the control 
unit 40 makes the encryption unit 43 decode the packet at Step 35, and 
moves the processing to Step 36. If the packet is not encrypted, the control 
unit 40 moves the processing to Step 36 from Step 34. 
[0095]

Next, at Step 36, the control unit 40 orders the classifying unit 44 to 
perform classification. Then, the classifying unit 44 confirms whether or 
not a flow corresponding to the packet exists in the storing unit 48. 
[0096]

If the flow exists, the classifying unit 44 confirms whether each 
value (the address, the port number, etc. regarding the source and the 
destination) of the flow is fixed or not at Step 37. Like the classifying 
unit 63, the classifying unit 44 starts the confirmation from the flow with the 
largest flow number and proceeds to flows with smaller flow numbers, as the arrows in Fig. 3 
show. That a value is not fixed in the confirmation means that the value is 
uncertain, as shown by the symbol " * " in Fig. 3. 
[0097]

When the values are not fixed, at Step 38, the classifying unit 44 
adds a new entry (its flow number is the largest flow number at that 
moment plus 1), and sets each value (the address, the 
port number, etc. regarding the source and the destination) of the new 
entry to the value acquired from the packet. The change flag is set to "ON", since 
disagreement between the contents of the storing unit 48 and the contents 
of the storing unit 67 may occur due to the processing at Step 38. 
[0098]

Then, the processing is moved to Step 39. At Step 39, the 
classifying unit 44 confirms with the control unit 40 whether the packet 
whose SYN-ACK flag acknowledging the connection to the terminal 10 is 
"ON" will be sent or not. If the packet is sent, at Step 40, in the storing unit 
48, the value of infinity (communication is accepted freely) is set as the 
threshold TH of the corresponding flow in order to loosen the limited 
conditions of the corresponding flow, and then the processing is moved to 
Step 41. If the packet is not sent, the classifying unit 44 moves the 
processing to Step 41 from Step 39. 
[0099]

At Step 37, if the values are fixed, the classifying unit 44 moves the 
processing from Step 37 to Step 41, since it is not necessary to add a new 
flow. 

[0100]

At Step 36, if no corresponding flow exists, there is a possibility of 
illegal access. Therefore, the classifying unit 44 stops the classification and 
sends a notice of the possibility of illegal access to the control unit 40. 
Upon receipt of the notice, the control unit 40 moves the processing to Step 
44 immediately and discards the packet. 
[0101] 

At Step 41, the measuring unit 45 measures the transmission speed 
of the corresponding flow, and the measured value Vn is set to the field of 
the measured value of the corresponding flow. 
[0102]

At Step 42, the judging unit 46 compares the measured value Vn 
and the threshold TH of the corresponding flows. If Vn<=TH, the judging 
unit 46 makes judgment of "transmitting", and the packet is outputted to the 
bandwidth control unit 47. Then, following the bandwidth control method, 
the bandwidth control unit 47 outputs the packet via the communication 
unit 41, as long as the bandwidth control unit 47 by itself does not discard 
the packet. 

[0103] 

Otherwise, the judging unit 46 makes judgment of "discarding", and 
the packet is discarded without being outputted to the bandwidth control 
unit 47. 

[0104]

Then, the processing after Step 32 is repeated until the processing is 
completed (Step 48). 
[0105]

The flow of processing for communication between the terminal 10 
and the intra-office mail server 4 is explained using Figs. 7 and 3. The flow 
begins with requesting by the terminal 10 for the connection with the 
intra-office mail server 4 under limited conditions, acknowledging the 
connection, loosening the conditions, and ending with starting smooth 
communication. 
[0106]

First, at time t1 of Fig. 7, the terminal 10 sends a packet 
(information including authentication information, such as an account and a 
password) whose SYN flag is "ON" to the intra-office mail server 4 
according to the POP protocol. At this time, the contents of the storing unit 
48 and the storing unit 67 are as shown in Fig. 3 (a). 
[0107]

Since the packet belongs to the flow number 4, the communication 
is acknowledged if the measured value V4 of the flow is less than the 
threshold TH. 

[0108] 

However, in the present example, at around the time t1, the 
measured value V4 is unfortunately greater than the threshold TH; 
therefore, communication fails and a packet whose FIN flag is "ON" is sent 
back to the terminal 10 from the intra-office mail server 4 at time t2. 
[0109]

The terminal 10 reduces the transmission speed of the packet, and 
sends the packet whose SYN flag is "ON" to the intra-office server 4 once 
again at time t3. Then, the above-mentioned limited conditions are fulfilled, 
and a packet whose SYN-ACK flag is "ON" and acknowledges the 
connection from the intra-office mail server 4 to the terminal 10 is returned 
at time t4. 

[0110]

At this time, the contents of the storing unit 48 once change, as 
shown in Fig. 3 (b). Thus, a new entry (flow number 5), which has copied 
the contents of the flow number 4, is created, and each value, such as the 
address of the terminal 10 and the port number, is set. 
[0111] 

As shown in Fig. 3 (c), as for the flow number for which the 
connection is acknowledged, the threshold TH is expanded to infinity from 
"10", and the conditions are loosened. Then, the intra-office mail server 4 
notifies the repeater 6 of the change with a change notice; therefore, the 
contents of the storing unit 67 also agree with the contents of Fig. 3(c). 
[0112]

After time t5, smooth communication by a large bandwidth is 
performed. 

[0113] 

At time t9, in order to receive the mail service itself this time, the 
terminal 10 sends a packet (information including a password) whose SYN 
flag is "ON" to the intra-office mail server 4 according to the MAIL 
protocol. 

[0114]

Then, as shown in Fig. 3 (d), the intra-office mail server 4 adds a 
new entry (flow number 6), and the communication by the MAIL protocol 
is executed. Of course, change of the storing unit 48 at this time is 
immediately notified to the repeater 6, and the changed contents of the 
storing unit 48 are immediately reflected in the storing unit 67. 
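The repeater steps of Fig. 4 ([0082] to [0091]), the server steps of Fig. 6 ([0092] to [0104]) and the Fig. 7 exchange ([0105] to [0114]), replayed as an added example that is not the patent's own code. Both nodes are instances of one `Unit` class holding a flow table (the "storing unit"), classifying from the largest flow number downwards with " * " as the uncertain value, measuring Vn, judging Vn against TH, and exchanging a change notice. The class and function names, the 1-second measuring window, the byte-count form of the "transmission speed", the addresses and the packet sizes are all this example's assumptions; the initial entry (flow number 4, TH "10") follows Fig. 3 (a).

```python
import math
from dataclasses import dataclass, replace
from typing import Optional, Tuple

ANY = "*"       # uncertain value, drawn as " * " in Fig. 3
WINDOW = 1.0    # measuring window in seconds (assumption; the patent gives none)


@dataclass
class Flow:
    number: int
    key: tuple              # (src addr, src port, dst addr, dst port, protocol)
    th: float               # threshold TH; math.inf = communication accepted freely
    measured: float = 0.0   # Vn: bytes seen within the last WINDOW seconds
    history: tuple = ()     # (time, size) samples behind Vn

    def matches(self, key) -> bool:
        return all(f == ANY or f == k for f, k in zip(self.key, key))

    def is_fixed(self) -> bool:
        return ANY not in self.key


class Unit:
    """One node (repeater 6 or mail server 4): a storing unit plus the Fig. 4 / Fig. 6 steps."""

    def __init__(self, name: str, flows):
        self.name = name
        self.flows = {f.number: replace(f) for f in flows}   # private copies per node
        self.change_flag = False                              # Fig. 6, Step 31

    def classify(self, key) -> Optional[Flow]:
        # Search from the largest flow number downwards, as the arrows in Fig. 3 show
        for n in sorted(self.flows, reverse=True):
            if self.flows[n].matches(key):
                return self.flows[n]
        return None                                           # no flow: possible illegal access

    def add_fixed_entry(self, template: Flow, key) -> Flow:
        # Step 6 / Step 38: copy the matching entry, number it largest + 1, fix its values
        new = replace(template, number=max(self.flows) + 1, key=key, measured=0.0, history=())
        self.flows[new.number] = new
        self.change_flag = True
        return new

    def measure(self, flow: Flow, t: float, size: int) -> float:
        # Step 7 / Step 41: transmission speed as bytes within the sliding window
        flow.history = tuple((ts, s) for ts, s in flow.history if t - ts < WINDOW) + ((t, size),)
        flow.measured = float(sum(s for _, s in flow.history))
        return flow.measured

    def handle(self, key, t: float, size: int) -> Tuple[str, Optional[Flow]]:
        flow = self.classify(key)
        if flow is None:
            return "discard:unknown-flow", None                # Step 10 / Step 44
        if not flow.is_fixed():
            flow = self.add_fixed_entry(flow, key)
        vn = self.measure(flow, t, size)
        # Step 8 / Step 42: Vn <= TH means "transmitting", otherwise "discarding"
        return ("transmit" if vn <= flow.th else "discard:over-threshold"), flow

    def acknowledge(self, flow: Flow) -> None:
        # Step 40: the server acknowledges the connection and loosens the conditions
        flow.th = math.inf
        self.change_flag = True

    def change_notice(self):
        # Step 46: export the table contents; Step 47 resets the flag
        if not self.change_flag:
            return None
        self.change_flag = False
        return [replace(f, history=()) for f in self.flows.values()]

    def apply_change_notice(self, notice) -> None:
        # Fig. 4, Step 3: take over the server's contents, keeping local measurements
        for f in notice or []:
            old = self.flows.get(f.number)
            hist = old.history if old and old.key == f.key else ()
            self.flows[f.number] = replace(f, history=hist, measured=float(sum(s for _, s in hist)))


def run_fig7_scenario():
    """Constructed replay of Fig. 7: refused at t1, acknowledged at t3, free after t5."""
    terminal = ("192.0.2.10", 40000, "198.51.100.4", 110, "TCP")          # POP, constructed
    initial = [Flow(4, (ANY, ANY, "198.51.100.4", 110, "TCP"), th=10.0)]   # Fig. 3 (a), TH "10"
    repeater, server = Unit("repeater 6", initial), Unit("mail server 4", initial)
    log = []

    def send(t, size):
        decision, _ = repeater.handle(terminal, t, size)                   # Fig. 4
        if decision == "transmit":
            decision, flow = server.handle(terminal, t, size)             # Fig. 6
            if decision == "transmit" and flow.th != math.inf:             # SYN-ACK goes out
                server.acknowledge(flow)
                repeater.apply_change_notice(server.change_notice())
        log.append((t, size, decision))

    send(0.0, 12)     # t1: 12 bytes within the window exceeds TH = 10, refused
    send(2.0, 8)      # t3: slower retry fits, connection acknowledged, flow 5 fixed, TH = inf
    send(2.1, 5000)   # t5 and after: large bandwidth passes under the loosened conditions
    return log, repeater, server
```

Because both tables start with the same TH for flow number 4, the refusal at t1 occurs in this simulation at the first unit that sees the packet, the repeater, whereas Fig. 7 shows the mail server returning the FIN; the outcome for the terminal is the same. The part worth checking after the run is the state, not the log: flow number 5 exists in both tables with the same fixed key and TH = infinity, and the server's change flag is back to "OFF", which is exactly the agreement [0077] and [0083] rely on.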
[0115]
[EFFECT OF THE INVENTION]

According to the present invention, instead of alternative-access 
controls such as transmission/discard, a more flexible access control can be 
performed within the limits of the bandwidth, which is controlled not to 
cause difficulties for other legal access communications. 
[0116]

Furthermore, according to the present invention, accurate judgment 
regarding the access control for the connectionless communication or the 
encrypted communication, which has been difficult with the prior art, can 
be made, by sending access control information to the repeater from the 
inside network. 

[DESCRIPTION OF DRAWINGS] 
[Fig. 1]

Fig. 1 is a diagram illustrating how a communication system is 
constructed according to a first embodiment of the present invention. 
[Fig. 2] 

Fig. 2 is a block diagram illustrating a repeater according to the first 
embodiment. 
[Fig. 3]

Fig. 3 (a) is a descriptive illustration showing a transition of a 
storing unit according to the first embodiment. 

Fig. 3 (b) is a descriptive illustration showing a transition of a 
storing unit according to the first embodiment. 

Fig. 3 (c) is a descriptive illustration showing a transition of a 
storing unit according to the first embodiment. 

Fig. 3 (d) is a descriptive illustration showing a transition of a 
storing unit according to the first embodiment. 
[Fig. 4] 

Fig. 4 is a flowchart illustrating the repeater according to the first 
embodiment. 
[Fig. 5]

Fig. 5 is a block diagram illustrating the server according to the first 
embodiment. 
[Fig. 6] 

Fig. 6 is a flowchart illustrating the server according to the first 
embodiment. 
[Fig. 7]

Fig. 7 is a time chart showing packet transmission according to the 
first embodiment. 
[DESCRIPTION OF SYMBOLS] 

1 inside network 

2 LAN cable 

3 WEB server 

4 intra-office mail server 

5 intra-office DB server 

6 repeater 

7 outside network 

8 networks 

9, 10 terminal 

40, 60 control unit 

41, 61, 62 communication unit 

42 application unit 

43 encryption unit 

44, 63 classifying unit 

45, 64 measuring unit 

46, 65 judging unit 

47, 66 bandwidth control unit 

48, 67 storing unit 



[DOCUMENT NAME] ABSTRACT 
[ABSTRACT] 

[PROBLEM TO BE SOLVED] An object of the present invention is 
to offer an access-controlling method which can perform more flexible 
access control and can correspond to encryption of a packet. 

[SOLUTION] Access from a terminal 10 of an outside network 7 to 
a server 4 of an inside network 1 is put under control. A repeater and the 
server permit a packet transmission from the terminal to the server under 
limited conditions. When the server acknowledges connection for the 
permitted packet, the transmission conditions for packets to be sent to the 
server are loosened. After then, packet transmission between the terminal 
and the server is controlled under the loosened transmission conditions. As 
for encrypted packets, the server decodes the encrypted packets and notifies 
the relevant information to the repeater. 
[SELECTED FIGURE] Fig. 1 
Text labels recovered from the drawings:

Fig. 1: (no labels recovered)

Fig. 2: 60 control unit; 63 classifying unit; 64 measuring unit; 65 judging unit; 66 bandwidth control unit; 67 storing unit

Fig. 4: step 5 value fixed?; step 6 setting additional entry; step 7 measuring; step 8 judging; step 9 sending packet to bandwidth control unit; step 10 discarding packet; step 11 completed?; end

Fig. 5: 48 storing unit

Fig. 6: step 47 change flag = OFF; step 48 completed?; end